[moira.git] / incremental / afs.c

/* $Header$
 *
 * Do AFS incremental updates
 *
 * Copyright (C) 1989 by the Massachusetts Institute of Technology
 * for copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <sms.h>
#include <sms_app.h>
#include <sys/param.h>
#include <krb.h>
#include <krb_et.h>
#include <afs/auth.h>
#include <pwd.h>
#include <sys/file.h>

#define file_exists(file) (access((file), F_OK) == 0)

#define PRS	"/u1/sms/bin/prs"
#define FS	"/u1/sms/bin/fs"


char *whoami;

main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc;
    char *table, **before, **after;
#ifdef DEBUG
    char buf[1024];
    int i;
#endif

    table = argv[1];
    beforec = atoi(argv[2]);
    before = &argv[4];
    afterc = atoi(argv[3]);
    after = &argv[4 + beforec];
    whoami = argv[0];

#ifdef DEBUG
    sprintf(buf, "%s (", table);
    for (i = 0; i < beforec; i++) {
	if (i > 0)
	  strcat(buf, ",");
	strcat(buf, before[i]);
    }
    strcat(buf, ")->(");
    for (i = 0; i < afterc; i++) {
	if (i > 0)
	  strcat(buf, ",");
	strcat(buf, after[i]);
    }
    strcat(buf, ")\n");
    write(1,buf,strlen(buf));
#endif

    initialize_sms_error_table();
    initialize_krb_error_table();

    if (!strcmp(table, "users")) {
	do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
	do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
	do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
	do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
	do_quota(before, beforec, after, afterc);
    }
    unlog();
    exit(0);
}


do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0, fd, cc;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128], localcell[128], *p, *index();

    while (success == 0 && tries < 3) {
	if (!inited) {
	    if (krb_get_lrealm(realm) != KSUCCESS)
	      (void) strcpy(realm, KRB_REALM);
	    sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	    krb_set_tkt_string(buf);

	    if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
		critical_alert("incremental", "unable to find AFS cell");
		exit(1);
	    }
	    if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
		critical_alert("incremental", "unable to read AFS cell");
		exit(1);
	    }
	    close(fd);
	    p = index(localcell, '\n');
	    if (p) *p = 0;

	    if (((pw = getpwnam("smsdba")) == NULL) ||
		((c = get_ticket("sms", "", realm, localcell)) == NULL) ||
		(setpag() < 0) ||
		(setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
		aklog(c, localcell)) {
		com_err(whoami, 0, "failed to authenticate");
	    } else
	      inited++;
	}

	if (inited) {
	    com_err(whoami, 0, "Executing command: %s", cmd);
	    if (system(cmd) == 0)
	      success++;
	}
	if (!success) {
	    tries++;
	    sleep(5 * 60);
	}
    }
    if (!success)
      critical_alert("incremental", "failed command: %s", cmd);
}


do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
      astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
      bstate = atoi(before[U_STATE]);
    if (astate == 2) astate = 1;
    if (bstate == 2) bstate = 1;

    if (astate != 1 && bstate != 1)
      return;
    if (astate == 1 && bstate != 1) {
	sprintf(cmd, "%s newuser -name %s -id %s",
		PRS, after[U_NAME], after[U_UID]);
	do_cmd(cmd);
	return;
    } else if (astate != 1 && bstate == 1) {
	sprintf(cmd, "%s delete %s", PRS, before[U_NAME]);
	do_cmd(cmd);
	return;
    }

    if (beforec > U_UID && afterc > U_UID &&
	strcmp(before[U_UID], after[U_UID])) {
	/* change UID, & possibly user name here */
	exit(1);
    }

    if (beforec > U_NAME && afterc > U_NAME &&
	strcmp(before[U_NAME], after[U_NAME])) {
	sprintf(cmd, "%s chname -oldname %s -newname %s",
		PRS, before[U_NAME], after[U_NAME]);
	do_cmd(cmd);
    }
}


do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid;

    cmd[0] = agid = bgid = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
      bgid = atoi(before[L_GID]);
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
      agid = atoi(after[L_GID]);

    if (bgid == 0 && agid != 0) {
	sprintf(cmd,
		"%s create -name system:%s -id %s -owner system:administrators",
		PRS, after[L_NAME], after[L_GID]);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid != 0) {
	sprintf(cmd, "%s delete -name system:%s", PRS, before[L_NAME]);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid == 0)
      return;
    if (strcmp(before[L_NAME], after[L_NAME])) {
	sprintf(cmd,
		"%s chname -oldname system:%s -newname system:%s",
		PRS, before[L_NAME], after[L_NAME]);
	do_cmd(cmd);
	return;
    }
}


do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
	sprintf(cmd, "%s add -user %s -group system:%s",
		PRS, after[LM_MEMBER], after[LM_LIST]);
	do_cmd(cmd);
	return;
    }
    if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
	sprintf(cmd, "%s remove -user %s -group system:%s",
		PRS, before[LM_MEMBER], before[LM_LIST]);
	do_cmd(cmd);
	return;
    }
}


do_filesys(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    if (afterc < FS_CREATE)
      return;
    if (!strcmp("AFS", after[FS_TYPE]) && !strncmp("/afs", after[FS_PACK]) &&
		!file_exists(after[FS_PACK])) {
	critical_alert("incremental", "unable to create locker %s",
		       after[FS_PACK]);
    }
}


do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
      return;
    if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
      return;
    if (afterc != 0) {
	sprintf(cmd, "%s setquota -dir %s -quota %s",
		FS, after[Q_DIRECTORY], after[Q_QUOTA]);
	do_cmd(cmd);
	return;
    }
}


CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name;
char *instance;
char *realm;
char *cell;
{
    static CREDENTIALS c;
    int status;

    status = krb_get_svc_in_tkt(name, instance, realm,
				"krbtgt", realm, 1, KEYFILE);
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	return(NULL);
    }
    status = krb_get_cred("afs", cell, realm, &c);
    if (status != 0) {
	status = get_ad_tkt("afs", cell, realm, 255);
	if (status == 0)
	  status = krb_get_cred("afs", cell, realm, &c);
    }
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	return(NULL);
    }
    return(&c);
}


aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
	struct ktc_principal aserver;
	struct ktc_token atoken;
	
	atoken.kvno = c->kvno;
	strcpy(aserver.name, "afs");
	strcpy(aserver.instance, "");
	strcpy(aserver.cell, cell);

	atoken.startTime = c->issue_date;
	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	bcopy (c->session, &atoken.sessionKey, 8);
	atoken.ticketLen = c->ticket_st.length;
	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	
	return(ktc_SetToken(&aserver, &atoken, NULL));
}


unlog()
{
    ktc_ForgetToken("afs");
    dest_tkt();
}
Commit	Line	Data
fb8809f4	1	/* $Header$
	2	*
	3	* Do AFS incremental updates
	4	*
	5	* Copyright (C) 1989 by the Massachusetts Institute of Technology
	6	* for copying and distribution information, please see the file
	7	* <mit-copyright.h>.
	8	*/
	9
	10	#include <sms.h>
	11	#include <sms_app.h>
	12	#include <sys/param.h>
	13	#include <krb.h>
	14	#include <krb_et.h>
	15	#include <afs/auth.h>
	16	#include <pwd.h>
f633445d	17	#include <sys/file.h>
	18
	19	#define file_exists(file) (access((file), F_OK) == 0)
fb8809f4	20
ac3e92fb	21	#define PRS "/u1/sms/bin/prs"
	22	#define FS "/u1/sms/bin/fs"
	23
fb8809f4	24
	25	char *whoami;
	26
	27	main(argc, argv)
	28	char **argv;
	29	int argc;
	30	{
	31	int beforec, afterc;
	32	char table, before, *after;
810d12a7	33	#ifdef DEBUG
	34	char buf[1024];
	35	int i;
	36	#endif
fb8809f4	37
	38	table = argv[1];
	39	beforec = atoi(argv[2]);
	40	before = &argv[4];
	41	afterc = atoi(argv[3]);
	42	after = &argv[4 + beforec];
	43	whoami = argv[0];
	44
810d12a7	45	#ifdef DEBUG
	46	sprintf(buf, "%s (", table);
	47	for (i = 0; i < beforec; i++) {
	48	if (i > 0)
	49	strcat(buf, ",");
	50	strcat(buf, before[i]);
	51	}
	52	strcat(buf, ")->(");
	53	for (i = 0; i < afterc; i++) {
	54	if (i > 0)
	55	strcat(buf, ",");
	56	strcat(buf, after[i]);
	57	}
	58	strcat(buf, ")\n");
	59	write(1,buf,strlen(buf));
	60	#endif
	61
fb8809f4	62	initialize_sms_error_table();
	63	initialize_krb_error_table();
	64
	65	if (!strcmp(table, "users")) {
	66	do_user(before, beforec, after, afterc);
	67	} else if (!strcmp(table, "list")) {
	68	do_list(before, beforec, after, afterc);
	69	} else if (!strcmp(table, "members")) {
	70	do_member(before, beforec, after, afterc);
	71	} else if (!strcmp(table, "filesys")) {
	72	do_filesys(before, beforec, after, afterc);
	73	} else if (!strcmp(table, "nfsquota")) {
	74	do_quota(before, beforec, after, afterc);
	75	}
	76	unlog();
	77	exit(0);
	78	}
	79
	80
	81	do_cmd(cmd)
	82	char *cmd;
	83	{
	84	char realm[REALM_SZ + 1];
	85	static int inited = 0;
810d12a7	86	int success = 0, tries = 0, fd, cc;
fb8809f4	87	CREDENTIALS c, get_ticket();
fb8809f4	88	struct passwd *pw;
810d12a7	89	char buf[128], localcell[128], p, index();
fb8809f4	90
	91	while (success == 0 && tries < 3) {
	92	if (!inited) {
	93	if (krb_get_lrealm(realm) != KSUCCESS)
	94	(void) strcpy(realm, KRB_REALM);
	95	sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	96	krb_set_tkt_string(buf);
810d12a7	97
	98	if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
	99	critical_alert("incremental", "unable to find AFS cell");
	100	exit(1);
	101	}
	102	if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
	103	critical_alert("incremental", "unable to read AFS cell");
	104	exit(1);
	105	}
	106	close(fd);
	107	p = index(localcell, '\n');
	108	if (p) *p = 0;
	109
fb8809f4	110	if (((pw = getpwnam("smsdba")) == NULL) \|\|
810d12a7	111	((c = get_ticket("sms", "", realm, localcell)) == NULL) \|\|
fb8809f4	112	(setpag() < 0) \|\|
fb8809f4	113	(setreuid(pw->pw_uid, pw->pw_uid) < 0) \|\|
810d12a7	114	aklog(c, localcell)) {
fb8809f4	115	com_err(whoami, 0, "failed to authenticate");
	116	} else
	117	inited++;
	118	}
	119
	120	if (inited) {
	121	com_err(whoami, 0, "Executing command: %s", cmd);
	122	if (system(cmd) == 0)
	123	success++;
	124	}
	125	if (!success) {
	126	tries++;
	127	sleep(5 * 60);
	128	}
	129	}
	130	if (!success)
	131	critical_alert("incremental", "failed command: %s", cmd);
	132	}
	133
	134
	135	do_user(before, beforec, after, afterc)
	136	char **before;
	137	int beforec;
	138	char **after;
	139	int afterc;
	140	{
	141	int bstate, astate;
	142	char cmd[512];
	143
	144	cmd[0] = bstate = astate = 0;
	145	if (afterc > U_STATE)
	146	astate = atoi(after[U_STATE]);
	147	if (beforec > U_STATE)
	148	bstate = atoi(before[U_STATE]);
810d12a7	149	if (astate == 2) astate = 1;
810d12a7	150	if (bstate == 2) bstate = 1;
fb8809f4	151
	152	if (astate != 1 && bstate != 1)
	153	return;
	154	if (astate == 1 && bstate != 1) {
810d12a7	155	sprintf(cmd, "%s newuser -name %s -id %s",
810d12a7	156	PRS, after[U_NAME], after[U_UID]);
fb8809f4	157	do_cmd(cmd);
	158	return;
	159	} else if (astate != 1 && bstate == 1) {
810d12a7	160	sprintf(cmd, "%s delete %s", PRS, before[U_NAME]);
fb8809f4	161	do_cmd(cmd);
	162	return;
	163	}
	164
	165	if (beforec > U_UID && afterc > U_UID &&
	166	strcmp(before[U_UID], after[U_UID])) {
	167	/* change UID, & possibly user name here */
	168	exit(1);
	169	}
	170
	171	if (beforec > U_NAME && afterc > U_NAME &&
	172	strcmp(before[U_NAME], after[U_NAME])) {
810d12a7	173	sprintf(cmd, "%s chname -oldname %s -newname %s",
810d12a7	174	PRS, before[U_NAME], after[U_NAME]);
fb8809f4	175	do_cmd(cmd);
	176	}
	177	}
	178
	179
	180
	181	do_list(before, beforec, after, afterc)
	182	char **before;
	183	int beforec;
	184	char **after;
	185	int afterc;
	186	{
	187	char cmd[512];
	188	int agid, bgid;
	189
	190	cmd[0] = agid = bgid = 0;
	191	if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
	192	bgid = atoi(before[L_GID]);
	193	if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
	194	agid = atoi(after[L_GID]);
	195
	196	if (bgid == 0 && agid != 0) {
810d12a7	197	sprintf(cmd,
	198	"%s create -name system:%s -id %s -owner system:administrators",
	199	PRS, after[L_NAME], after[L_GID]);
fb8809f4	200	do_cmd(cmd);
	201	return;
	202	}
	203	if (agid == 0 && bgid != 0) {
810d12a7	204	sprintf(cmd, "%s delete -name system:%s", PRS, before[L_NAME]);
fb8809f4	205	do_cmd(cmd);
	206	return;
	207	}
	208	if (agid == 0 && bgid == 0)
	209	return;
	210	if (strcmp(before[L_NAME], after[L_NAME])) {
	211	sprintf(cmd,
810d12a7	212	"%s chname -oldname system:%s -newname system:%s",
810d12a7	213	PRS, before[L_NAME], after[L_NAME]);
fb8809f4	214	do_cmd(cmd);
	215	return;
	216	}
	217	}
	218
	219
	220	do_member(before, beforec, after, afterc)
	221	char **before;
	222	int beforec;
	223	char **after;
	224	int afterc;
	225	{
	226	char cmd[512];
	227
	228	if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
810d12a7	229	sprintf(cmd, "%s add -user %s -group system:%s",
810d12a7	230	PRS, after[LM_MEMBER], after[LM_LIST]);
fb8809f4	231	do_cmd(cmd);
	232	return;
	233	}
	234	if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
810d12a7	235	sprintf(cmd, "%s remove -user %s -group system:%s",
810d12a7	236	PRS, before[LM_MEMBER], before[LM_LIST]);
fb8809f4	237	do_cmd(cmd);
	238	return;
	239	}
	240	}
	241
	242
	243	do_filesys(before, beforec, after, afterc)
	244	char **before;
	245	int beforec;
	246	char **after;
	247	int afterc;
	248	{
f633445d	249	if (afterc < FS_CREATE)
	250	return;
	251	if (!strcmp("AFS", after[FS_TYPE]) && !strncmp("/afs", after[FS_PACK]) &&
	252	!file_exists(after[FS_PACK])) {
	253	critical_alert("incremental", "unable to create locker %s",
	254	after[FS_PACK]);
	255	}
fb8809f4	256	}
	257
	258
	259	do_quota(before, beforec, after, afterc)
	260	char **before;
	261	int beforec;
	262	char **after;
	263	int afterc;
	264	{
	265	char cmd[512];
	266
	267	if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	268	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
	269	return;
ac3e92fb	270	if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
ac3e92fb	271	return;
fb8809f4	272	if (afterc != 0) {
ac3e92fb	273	sprintf(cmd, "%s setquota -dir %s -quota %s",
ac3e92fb	274	FS, after[Q_DIRECTORY], after[Q_QUOTA]);
fb8809f4	275	do_cmd(cmd);
	276	return;
	277	}
	278	}
	279
	280
	281	CREDENTIALS *get_ticket(name, instance, realm, cell)
	282	char *name;
	283	char *instance;
	284	char *realm;
	285	char *cell;
	286	{
	287	static CREDENTIALS c;
	288	int status;
	289
	290	status = krb_get_svc_in_tkt(name, instance, realm,
	291	"krbtgt", realm, 1, KEYFILE);
	292	if (status != 0) {
	293	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	294	return(NULL);
	295	}
	296	status = krb_get_cred("afs", cell, realm, &c);
	297	if (status != 0) {
	298	status = get_ad_tkt("afs", cell, realm, 255);
	299	if (status == 0)
	300	status = krb_get_cred("afs", cell, realm, &c);
	301	}
	302	if (status != 0) {
	303	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	304	return(NULL);
	305	}
	306	return(&c);
	307	}
	308
	309
	310	aklog(c, cell)
	311	CREDENTIALS *c;
	312	char *cell;
	313	{
	314	struct ktc_principal aserver;
	315	struct ktc_token atoken;
	316
	317	atoken.kvno = c->kvno;
	318	strcpy(aserver.name, "afs");
	319	strcpy(aserver.instance, "");
	320	strcpy(aserver.cell, cell);
	321
	322	atoken.startTime = c->issue_date;
	323	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	324	bcopy (c->session, &atoken.sessionKey, 8);
	325	atoken.ticketLen = c->ticket_st.length;
	326	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	327
	328	return(ktc_SetToken(&aserver, &atoken, NULL));
	329	}
	330
	331
	332	unlog()
	333	{
	334	ktc_ForgetToken("afs");
ac3e92fb	335	dest_tkt();
fb8809f4	336	}